Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): Bump hyper to fix CVE-2022-31394 #72

Merged
merged 1 commit into from
Dec 14, 2023
Merged

fix(deps): Bump hyper to fix CVE-2022-31394 #72

merged 1 commit into from
Dec 14, 2023

Conversation

keelerm84
Copy link
Member

No description provided.

@keelerm84 keelerm84 requested a review from a team December 13, 2023 14:01
@shortcut-integration Shortcut Integration
Copy link

This pull request has been linked to Shortcut Story #226796: Bump Rust SDK dependencies to fix security vulnerability.

keelerm84
keelerm84 commented Dec 13, 2023
View reviewed changes
contract-tests/Cargo.toml
@@ -13,7 +13,7 @@ actix = { version = "0.13.1"}
actix-web = { version = "4"}
reqwest = { version = "0.11.6", default-features = false, features = ["json", "rustls-tls"] }
env_logger = { version = "0.10.0" }
hyper = { version = "0.14.17", features = ["client", "http1", "tcp"] }
hyper = { version = "0.14.19", features = ["client", "http1", "tcp"] }
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't the latest hyper 0.14.x version. This is the minimum required to fix the CVE. Figured leaving as much room in version matching as possible would help keep upstream packages smaller.

@keelerm84 keelerm84 mentioned this pull request Dec 13, 2023
Merged
@keelerm84 keelerm84 merged commit 48d9555 into main Dec 14, 2023
2 checks passed
@keelerm84 keelerm84 deleted the mk/sc-226796/rust-deps branch December 14, 2023 13:55
@github-actions github-actions bot mentioned this pull request Dec 14, 2023
Merged
keelerm84 pushed a commit that referenced this pull request Dec 20, 2023
@github-actions
chore(main): release 0.12.2 (#73)
85e42c0 
🤖 I have created a release *beep* *boop*
---


##
[0.12.2](0.12.1...0.12.2)
(2023-12-20)


### Bug Fixes

* **deps:** Bump hyper to fix CVE-2022-31394
([#72](#72))
([48d9555](48d9555))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cwaldren-ld cwaldren-ld cwaldren-ld approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@keelerm84 @cwaldren-ld